CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21195 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21195
09 Apr 2021 — Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en V8 en Google Chrome versiones anteriores a 89.0.4389.114, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. ... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3448 – dnsmasq: fixed outgoing port used when --server is used with an interface name
https://notcve.org/view.php?id=CVE-2021-3448
08 Apr 2021 — A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1939368 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 2CVE-2021-30184 – Gentoo Linux Security Advisory 202107-28
https://notcve.org/view.php?id=CVE-2021-30184
07 Apr 2021 — GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. GNU Chess versión 6.2.7, permite a atacantes ejecutar código arbitrario por medio de datos PGN (Portable Game Notation) diseñados. Esto está relacionado con un desbordamiento de búfer en el uso de un archivo temporal .tmp.epd en las funciones cmd_pgnload y ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-30178
https://notcve.org/view.php?id=CVE-2021-30178
06 Apr 2021 — An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. Se detectó un problema en el kernel de Linux versiones hasta 5.11.11. La función synic_get en el archivo arch/x86/kvm/hyperv.c presenta una desreferencia de puntero NULL para determinados accesos en el contexto SynIC Hyper-V, también se conoce como CID-919f4ebc5987 • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20307 – Ubuntu Security Notice USN-6163-1
https://notcve.org/view.php?id=CVE-2021-20307
05 Apr 2021 — Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. Una vulnerabilidad de cadena de formato en la función panoFileOutputNamesCreate() en libpano versiones 13 2.9.20~rc2+dfsg-3 y anteriores, puede conllevar a leer y escribir valores de memoria arbitrarios It was discovered that pano13 did not properly validate the prefix provided for PTcrop's output. An attacker could use this issue to cause pano13 to crash,... • https://bugzilla.redhat.com/show_bug.cgi?id=1946284 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.0EPSS: 0%CPEs: 33EXPL: 1CVE-2021-28163 – jetty: Symlink directory exposes webapp directory contents
https://notcve.org/view.php?id=CVE-2021-28163
01 Apr 2021 — In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. En Eclipse Jetty versiones 9.4.32 hasta 9.4.38, versiones 10.0.0.beta2 hasta 10.0.1 y versiones 11.0.0.beta2 hasta 11.0.1, si un usuario usa un directorio de aplicaciones web que es un enlace simbólico, el... • https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3447 – ansible: multiple modules expose secured values
https://notcve.org/view.php?id=CVE-2021-3447
01 Apr 2021 — A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This f... • https://bugzilla.redhat.com/show_bug.cgi?id=1939349 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29421
https://notcve.org/view.php?id=CVE-2021-29421
01 Apr 2021 — models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. El archivo models/metadata.py en el paquete pikepdf versión 1.3.0 hasta 2.9.2 para Python, permite un XXE cuando se analizan las entradas de metadatos XMP. • https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29646 – kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
https://notcve.org/view.php?id=CVE-2021-29646
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. tipc_nl_retrieve_key en net/tipc/node.c no valida correctamente ciertos tamaños de datos, también conocido como CID-0217ed2848e8. A flaw buffer overflow in the Linux kernel TIPC protocol functionality was found in the way user uses protocol with encrypt... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29647 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2021-29647
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. qrtr_recvmsg en net/qrtr/qrtr.c permite a los atacantes obtener información sensible de la memoria del kernel debido a una estructura de datos parcialmente no inicializada, también se con... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-909: Missing Initialization of Resource •